本ページは suse linux_enterprise_software_development_kit に影響する公開済み CVE(NVD の CPE 経由で関連付け)を列挙します。各行に深刻度指標・概要・公開日が含まれます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2015-8866 | ext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x before 5.6.6, when PHP-FPM is used, does not isolate each thread from libxml_disable_entity_loader changes in other threads, which allows remote attackers to conduct XML External Entity (XXE) and XML Entity Expansion (XEE) attacks via a crafted XML document, a related issue to CVE-2015-5161. | [email protected] | 9.6 | 4.03% | 2016-05-21 | 2026-06-16 |
| CVE-2016-3718 KEV | The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image. | [email protected] | 5.5 | 76.90% | 2016-05-05 | 2026-06-16 |
| CVE-2016-3715 KEV | The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image. | [email protected] | 5.5 | 75.38% | 2016-05-05 | 2026-06-16 |
| CVE-2016-2782 | The treo_attach function in drivers/usb/serial/visor.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a (1) bulk-in or (2) interrupt-in endpoint. | [email protected] | 4.6 | 1.65% | 2016-04-27 | 2026-06-16 |
| CVE-2016-3427 KEV | Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX. | [email protected] | 9.8 | 92.33% | 2016-04-21 | 2026-06-16 |
| CVE-2016-0668 | Unspecified vulnerability in Oracle MySQL 5.6.28 and earlier and 5.7.10 and earlier and MariaDB 10.0.x before 10.0.24 and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to InnoDB. | [email protected] | 4.1 | 1.47% | 2016-04-21 | 2026-06-16 |
| CVE-2016-0651 | Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows local users to affect availability via vectors related to Optimizer. | [email protected] | 5.5 | 1.23% | 2016-04-21 | 2026-06-16 |
| CVE-2016-0642 | Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier allows local users to affect integrity and availability via vectors related to Federated. | [email protected] | 4.7 | 1.18% | 2016-04-21 | 2026-06-16 |
| CVE-2015-8779 | Stack-based buffer overflow in the catopen function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long catalog name. | [email protected] | 9.8 | 5.97% | 2016-04-19 | 2026-06-16 |
| CVE-2015-8778 | Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via the size argument to the __hcreate_r function, which triggers out-of-bounds heap-memory access. | [email protected] | 9.8 | 5.51% | 2016-04-19 | 2026-06-16 |
| CVE-2015-8776 | The strftime function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly obtain sensitive information via an out-of-range time value. | [email protected] | 9.1 | 4.61% | 2016-04-19 | 2026-06-16 |
| CVE-2014-9761 | Multiple stack-based buffer overflows in the GNU C Library (aka glibc or libc6) before 2.23 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long argument to the (1) nan, (2) nanf, or (3) nanl function. | [email protected] | 9.8 | 5.51% | 2016-04-19 | 2026-06-16 |
| CVE-2016-3630 | The binary delta decoder in Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a (1) clone, (2) push, or (3) pull command, related to (a) a list sizing rounding error and (b) short records. | [email protected] | 8.8 | 4.83% | 2016-04-13 | 2026-06-16 |
| CVE-2016-3069 | Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted name when converting a Git repository. | [email protected] | 8.8 | 4.95% | 2016-04-13 | 2026-06-16 |
| CVE-2016-3068 | Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted git ext:: URL when cloning a subrepository. | [email protected] | 8.8 | 5.41% | 2016-04-13 | 2026-06-16 |
| CVE-2015-8551 | The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allows local guest administrators to hit BUG conditions and cause a denial of service (NULL pointer dereference and host OS crash) by leveraging a system with access to a passed-through MSI or MSI-X capable physical PCI device and a crafted sequence of XEN_PCI_OP_* operations, aka "Linux pciback missing sanity checks." | [email protected] | 6.0 | 0.45% | 2016-04-13 | 2026-06-16 |
| CVE-2015-5969 | The mysql-systemd-helper script in the mysql-community-server package before 5.6.28-2.17.1 in openSUSE 13.2 and before 5.6.28-13.1 in openSUSE Leap 42.1 and the mariadb package before 10.0.22-2.21.2 in openSUSE 13.2 and before 10.0.22-3.1 in SUSE Linux Enterprise (SLE) 12.1 and openSUSE Leap 42.1 allows local users to discover database credentials by listing a process and its arguments. | [email protected] | 6.2 | 0.39% | 2016-04-08 | 2026-06-16 |
| CVE-2016-2324 | Integer overflow in Git before 2.7.4 allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, which triggers a heap-based buffer overflow. | [email protected] | 9.8 | 18.81% | 2016-04-08 | 2026-06-16 |
| CVE-2016-2315 | revision.c in git before 2.7.4 uses an incorrect integer data type, which allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, leading to a heap-based buffer overflow. | [email protected] | 9.8 | 17.98% | 2016-04-08 | 2026-06-16 |
| CVE-2016-1286 | named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted signature record for a DNAME record, related to db.c and resolver.c. | [email protected] | 8.6 | 62.10% | 2016-03-09 | 2026-06-16 |